JP Vossen on 22 Mar 2009 13:17:41 -0700
I have said this before, but I am a huge fan of the Debian/Ubuntu implementation of logcheck. I am also not aware of any other major distro that makes using logcheck so "built-in" and easy. If you run any kind of Debian/Ubuntu server, you really need to be using this. As soon as something bad or new happens, you get an email. It's like magic.

----- cut here -----
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers

Description: mails anomalies in the system logfiles to the administrator
 Logcheck was part of the Abacus Project of security tools, but this version
 has been rewritten. Logcheck helps spot problems and security violations in
 your logfiles automatically and will send the results to you in e-mail.
Homepage: http://www.logcheck.org/
----- cut here -----

Logcheck is a simple yet great idea. You have 3 pattern (grep regex) files:

  * Known bad
  * Looks bad but isn't
  * Known good

Logcheck looks for "known bad" things but removes stuff that "looks bad but isn't" and outputs to "this is bad." Then it removes the "known good" and stuff that "looks bad but isn't" and outputs to "this is unknown." Over time, as you tune your files, you end up only being alerted to known bad or new (not yet classified) stuff. Brilliant.

I even did a (cheesy) Windows port of it:
  * http://www.jpsdomain.org/windows/winlogcheck.html

But the best thing about the Debian/Ubuntu implementation is that almost all of the patterns you need are already Just There. I usually only have to add a handful to work around odd things I'm doing or minor bugs.

Later,
JP

PS--Maybe someone should put together a Debian sysadmin tips preso, with logcheck, fcheck, etckeeper, etc.
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
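The three-file filter the post describes, as an added shell example (not from the post and not logcheck's own script). It builds the three pattern files and a constructed sample syslog in a temp directory, then runs the two stages with grep: "this is bad" = known-bad matches minus "looks bad but isn't", and "this is unknown" = everything minus known good, minus "looks bad but isn't", and (a choice made here so nothing is reported twice) minus the lines already reported as bad. File names, patterns and log lines are all hypothetical; the Debian directory names in comments are only the rough analogues.

```shell
#!/bin/sh
# Added example of the logcheck idea: three ERE pattern files, two grep stages.
# Everything below is constructed for illustration, not real host data.

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed sample log lines (hypothetical host, addresses and users)
cat >"$workdir/syslog" <<'EOF'
Mar 22 13:00:01 host sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51000 ssh2
Mar 22 13:00:07 host sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar 22 13:00:09 host CRON[1250]: (root) CMD (run-parts /etc/cron.hourly)
Mar 22 13:00:15 host kernel: [12345.678] usb 1-1: new high-speed USB device number 4 using xhci_hcd
Mar 22 13:00:20 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar 22 13:00:25 host sshd[1260]: Failed password for alice from 10.0.0.5 port 51002 ssh2
EOF

# "Known bad": patterns that should always be reported (think cracking.d/)
cat >"$workdir/known_bad" <<'EOF'
Failed password for invalid user
EOF

# "Looks bad but isn't": lines that match a bad pattern or look alarming but
# are expected on this host (think cracking.ignore.d/); a failed login by a
# known user from the office LAN is tolerated here as the example's premise
cat >"$workdir/looks_bad_but_isnt" <<'EOF'
Failed password for alice from 10\.0\.0\.5
EOF

# "Known good": routine noise, anchored tightly so a rule cannot swallow
# unrelated lines (think ignore.d.server/)
cat >"$workdir/known_good" <<'EOF'
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted publickey for [^ ]+ from [.0-9]+ port [0-9]+ ssh2$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(root\) CMD \(run-parts /etc/cron\.hourly\)$
EOF

# Strip the leading spaces some wc implementations print
count_lines() { wc -l | tr -d ' '; }

# Stage 1, "this is bad": known-bad hits minus the tolerated ones.
# "|| true" keeps the function's status 0 when a grep finds nothing.
report_bad() {
    grep -E -f "$workdir/known_bad" "$workdir/syslog" \
        | grep -E -v -f "$workdir/looks_bad_but_isnt" || true
}

# Stage 2, "this is unknown": drop known good, drop tolerated lines, and
# drop lines already reported in stage 1; whatever survives is new.
report_unknown() {
    grep -E -v -f "$workdir/known_good" "$workdir/syslog" \
        | grep -E -v -f "$workdir/looks_bad_but_isnt" \
        | grep -E -v -f "$workdir/known_bad" || true
}

# Stand-alone run: print both sections the way a mail body would show them
if [ "${1:-}" = "run" ]; then
    echo "Security Events (this is bad):"; report_bad
    echo; echo "System Events (this is unknown):"; report_unknown
fi
```

Run it as `sh example.sh run`; the invalid-user failure lands in the "bad" section, the USB event and the sudo use land in "unknown" (the tuning loop the post describes is to decide whether each of those is a new known_good rule or something to investigate), and the two routine lines never appear. One pitfall worth knowing with any grep -f based filter: a blank line in a pattern file matches every line, so an empty line in known_good silences the whole report.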